Understanding Using API Keys in the Google Workspace Environment


Introduction

This article describes the limitations of using API keys in the Google Workspace environment.

Explanation

Creating an API key bound to a service account

This is not considered a best practice for authentication. You can review the credential options Google provides at https://console.cloud.google.com/apis/credentials?project=vt-gcp-00039

This specific option is blocked by an organization-wide policy. The policy follows a strong, well-established Google Cloud security practice: preventing the creation of permanent, high-risk credentials that can compromise a service account's identity.

Google Cloud's general security guidance is to use short-lived credentials and robust authentication mechanisms over API keys for service-to-service communication.
https://cloud.google.com/docs/authentication/api-keys#:~:text=Instead%2C%20plan%20to%20migrate%20to,keys%20bound%20to%20service%20accounts.

For Vertex AI, you can use a service account with the Vertex AI User role and authenticate via one of the short-lived credential methods (such as using Application Default Credentials (ADC) on a VM, or passing the service account credentials file securely in a development/test environment).
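
The following check is an added example, not part of the original article or of any Google tooling: it walks a simplified version of the ADC search order (the GOOGLE_APPLICATION_CREDENTIALS variable, then the gcloud ADC file, then the service account attached to the VM) and reports whether the credential a process would pick up is a key file that does not expire. The function names, the sample paths and the sample file contents are constructed for illustration.

```python
import json

# Default gcloud ADC file on Linux/macOS ("~" left unexpanded for this demo).
WELL_KNOWN = "~/.config/gcloud/application_default_credentials.json"

# "type" field of a Google credentials JSON file -> (verdict, reason)
VERDICTS = {
    "service_account": ("long-lived", "private key in file does not expire"),
    "authorized_user": ("user", "user refresh token, for local development"),
    "external_account": ("short-lived", "workload identity federation"),
    "impersonated_service_account": ("short-lived", "service account impersonation"),
}

def classify_file(text):
    """Classify the contents of a credentials JSON file by its "type" field."""
    try:
        info = json.loads(text)
    except ValueError:
        return ("invalid", "not valid JSON")
    if not isinstance(info, dict):
        return ("invalid", "not a JSON object")
    return VERDICTS.get(str(info.get("type")), ("unknown", "unrecognised type field"))

def audit_adc(env, files, on_gcp=False):
    """Report the first ADC source that applies, as (source, verdict, reason).
    env: environment dict; files: path -> contents; on_gcp: metadata server reachable."""
    path = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if path:  # an explicit file always wins, even on a VM
        if path not in files:
            return (path, "invalid", "file not found")
        return (path,) + classify_file(files[path])
    if WELL_KNOWN in files:
        return (WELL_KNOWN,) + classify_file(files[WELL_KNOWN])
    if on_gcp:
        return ("metadata server", "short-lived", "attached service account")
    return (None, "none", "no credentials found")

# Constructed sample inputs; they contain no real key material.
SAMPLE_FILES = {
    "/srv/app/sa-key.json": json.dumps({"type": "service_account",
        "client_email": "example@example-project.iam.gserviceaccount.com",
        "private_key": "-----BEGIN PRIVATE KEY-----\n(constructed)\n"}),
    WELL_KNOWN: json.dumps({"type": "authorized_user", "refresh_token": "(constructed)"}),
}

if __name__ == "__main__":
    print(audit_adc({"GOOGLE_APPLICATION_CREDENTIALS": "/srv/app/sa-key.json"}, SAMPLE_FILES))
    print(audit_adc({}, {}, on_gcp=True))
```

A "long-lived" verdict on a VM means the environment variable is overriding the attached service account, so unsetting it lets ADC fall back to the short-lived tokens issued by the metadata server.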